" hipaa Archives - HIPAA News, Web & Email Security Tips & News - Plus More | LuxSci

Posts Tagged ‘hipaa’

How Is HIPAA-Compliant Email Different from Secure Email?

Wednesday, June 21st, 2017

Protected health information (PHI) is heavily regulated under HIPAA, but the exact details can be confusing. The regulations are designed to keep everyone’s private information safe, but they also put a significant amount of responsibility on businesses.

HIPAA regulations apply to just about every aspect of a person’s medical information, including their transit, storage and security. Because email is such an important and extensively-used form of communication, HIPAA regulations apply to it as well.

HIPAA-compliant email vs secure email

Some may think that secure and encrypted email is all you need to keep PHI safe and emails compliant. The reality is that HIPAA email regulations go above and beyond standard secure email. To protect your business, you need to make sure that your email provider is HIPAA-compliant, not just secure.

Read the rest of this post »

HIPAA-Compliance eBook Series

Wednesday, May 31st, 2017

 

LUXSCI RELEASES FREE HIPAA-COMPLIANCE EBOOK SERIES

New series further explains secure email, texting, websites, web forms and email marketing.

BOSTON, MA – May 30, 2017 – LuxSci (www.luxsci.com), the HIPAA-compliant Internet and Email Security experts, have just released their 3-part eBook series on HIPAA-compliant communications, aimed at healthcare organizations in need of additional information to help them better understand the methods and technologies available for safeguarding their practice and protecting patient privacy.

In the first eBook, “HIPAA-Compliant Email Basics”, LuxSci discusses HIPAA and ePHI, the provisions of the HIPAA email security rule, risk analysis and the need for encryption, and take a closer look at Gmail and Google Apps.

The next eBook, “HIPAA-Compliant Website Basics”, defines what is required from HIPAA-compliant websites, website hosting, and web forms.

The final eBook, “HIPAA-Compliant Bulk Emailing Basics”, is a technical guide to email marketing and outlines best practices for list maintenance, large-scale sending strategies, IP reputation challenges, SPF and DKIM considerations, and HIPAA-compliance specifics.

Erik Kangas, Ph.D. and CEO of LuxSci says, “Online communications technologies are pervasive and they can really help a healthcare organization stay current and engaged.  Understanding the technologies, the risks, and the best practices are the first steps to getting started in a productive, compliant, and profitable direction.  These eBooks provide a great deal of guidance, enabling you to get started quickly.“

To download these free eBooks and find out how LuxSci can help with HIPAA compliance, click here.

How do I send HIPAA-compliant lab results via email?

Friday, May 5th, 2017

A question about HIPAA-compliant transactional email from Ask Erik:

As a non-technical member of the founding team of a Health Care Startup I have a question about HIPAA-compliant email as we begin to send out lab test results to individuals and the health care providers we partner with:

“Does one dedicated email address for results distribution that is HIPAA-compliant and secure make us in compliance. ”

We have team members who communicate with our DDS clinics but they don’t distribute test results. Only I will do that through a dedicated email address.   What do we have to do to be compliant from day one of distributing test results as part of our service to our customers (primarily dentists and oral surgeons)?

I was told by the service provider of our website and email hosting services that if we made the one email address a Business Premium account using the Microsoft Secure Server, that all the other regular email addresses would be covered as well. Is this true?

Thank you for the forum to ask real life scenario questions.

Lab results to email

Hello,

There are many aspects to your question.  Lets address each one in turn:

Read the rest of this post »

HIPAA-compliant Save and Resume for your Web forms

Wednesday, May 3rd, 2017

If you have a long or complex web form, users may wish to fill out only part of it and then save their work so that they can come back later and finish the form.  This is “Save and Resume” functionality.  While some form systems support Save and Resume, few provide HIPAA-compliant Save and Resume.

Form Save and Resume

What does HIPAA-compliant Save and Resume require?

For HIPAA-compliant Save and Resume, at a high level you need:

  1. The form data to be saved must be securely transmitted from the user’s browser to a server
  2. That data should be encrypted while stored
  3. That data must be securely transmitted back from the server when the user wants to resume editing the form
  4. Usually, the end user gets a link that can be used to resume editing the form where the s/he left off.  This link needs to be password protected or otherwise include authentication so that access to the sensitive form data is restricted.  HIPAA requires access control.
  5. Audit trail logs of saving and resuming form data should be kept.
  6. You need a HIPAA Business Associate Agreement with the service provider hosting the database where the form data is being saved.

The majority of Save and Resume functions provided by form service providers either (a) do not encrypt the data, (b) do not provide authentication for resuming the form, (d) do not keep any kind of logs, or (d) do not provide a HIPAA Business Associate Agreement for the data hosting servers.

Read the rest of this post »

Interview with Jim Simpson, Director of Product Management at Duo

Wednesday, April 26th, 2017

Back in 2011, LuxSci integrated Duo.com‘s advanced two-factor authentication into our WebMail service. Any LuxSci customer can use Duo.com to protect their WebMail, as well as their admin access to LuxSci. This all comes at no extra cost.

We even use Duo’s authentication ourselves. It’s great for administrative actions both at the server command line and through the web interface. An advanced two-factor authentication system such as Duo.com is excellent for enhancing a system’s security. It is a requirement for PCI compliance and can be helpful for HIPAA compliance as well.

Duo.com

The new Duo Access service is an innovative way to enforce corporate security policies, helping businesses to drastically cut their risks. Duo’s Jim Simpson has taken some time out of his schedule to answer some questions for us and discuss the details of their service.

Read the rest of this post »

Data Privacy Laws: How Does the US Stack Up Against the EU?

Wednesday, April 12th, 2017

by Josh Lake

As the media attention surrounding the repeal of the data privacy framework begins to calm down, now is the perfect time to examine where the USA stands with our current laws. As one of the most culturally and economically similar parts of the world, comparing our laws against Europe’s can provide a good frame of reference.

While the US government is focusing on stripping back red tape in a bid to kickstart business, the European Union has gone in the other direction and is stepping up its bureaucracy with the General Data Protection Regulation (GDPR). These new laws come into play in May 2018, so businesses are hard at work to make sure they will be compliant when the date swings around.

Read the rest of this post »

If my web site is very simple, do I have to worry about HIPAA compliance?

Friday, March 24th, 2017

We received this questions via Ask Erik from a Physicians’ Association:

“Our company website does not contain any patient information.  As a healthcare group, do we need to worry about HIPAA compliance for our site? It contains forms, news and some company polices and procedures but no patient information whatsoever. Thank you.”

Thank you for your question!  Here, we delve into how you can answer this for your site.

 

Read the rest of this post »

How To Encourage Patient Consent To Email Marketing Without Feeling Slimy

Monday, March 20th, 2017

If email marketing is known to produce results across a variety of industries, why do some professionals feel uncomfortable with it?  Why do they feel “slimy”?  It is not uncommon for people to feel hesitant to engage in email marketing because it somehow feels “wrong” to them.    There are several factors at play in this limiting belief; in this article, we shall shed light on them to help dispel this feeling so that you can confidently get to work and grow your business, knowing that you are actually helping others.

Email Marketing

Read the rest of this post »

WordPress Security Overview: Can WordPress be HIPAA-compliant?

Monday, March 13th, 2017

WordPress is a content management system that dominates the internet, powering more than 24% of the web. Although it has many great features that make it quick and easy to set up, the complications associated with HIPAA standards can make it difficult to achieve compliance. WordPress has recovered from a checkered past as far as security is concerned, but it is still a third party tool which is not specifically designed to conform to HIPAA standards.

WordPress Security

Read the rest of this post »

17 Questions To Ask Yourself Before You Send A HIPAA-Compliant Marketing Email

Friday, March 10th, 2017

You’ve just been told that you need to rethink your entire email marketing system. Your attorney and compliance specialist are both telling that you need implement HIPAA-compliant email marketing.

Your starting point is to break down that goal into two components: business goals and HIPAA compliance. Your email marketing has to achieve your business goals like providing fast customer service and generating more appointments. Next, you need to put HIPAA compliant systems and processes in place.

Use these 17 questions to review your email marketing aligns with your business goals and HIPPA.

HIPAA-compliant email marketing

Image by Nick Youngson

Read the rest of this post »